Guidance and Background on what DA Leaders need to know about the new European General Data Protection Regulation (GDPR)

What is the GDPR?

The GDPR - General Data Protection Regulation - is a new set of laws that deal with data protection in Europe. It is meant to create legal standards that will apply to all the EU countries. The GDPR contains changes for the public as well as businesses and organizations that handle personal information, like Democrats Abroad. In a nutshell, "it ensures that consumers own their private information and thus have the right to control its usage and that internet companies have an obligation to give consumers the tools to exercise that control."*

What do I need to know about GDPR?

In the past, Data Privacy laws in Europe have always applied to European businesses and EU Citizens. These new laws affect ALL EU residents, not just citizens. This means that these laws apply to our European members and will affect how we deal with membership information in Europe.

The GDPR was approved and adopted by the EU Parliament in April 2016. It came into force on Friday May 25, 2018.

ACK! What do I need to do?

If you have any access - Membership Lists, Database, Emailing, CallHub - to our membership data, please take a look at our Do's and Don'ts Under GDPR. Some of our older practices are changing - just slightly! And some old habits, although they may die hard, must be put to rest. Please read the Do's and Don'ts carefully. And take a look at our policy on contacting members.

We sent an email about Best Practices to all Admins on Tuesday May 22. An in-depth version of this guide is available on the Wiki at Best Practices for Administrators.

Also, deleting Members requires a couple of extra steps on our end now. Please read about that here.

Is there a game plan? Can I help?

Yes, there is! Look here for our GDPR Project Plan. If you are an IT security specialist or a lawyer with an IT Security/GDPR specialty and you would like to get involved, we would love to hear from you. If you are currently an admin and you want to volunteer some time for this project, we would love to hear from you too. Send an email to helpdesk@democratsabroad.org and let us know.

Who does the GDPR affect?

Organizations located both within and outside of the EU which offer goods or services to, or monitor the behavior of, EU data subjects. It also applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

GDPR applies to anyone who lives in the EU, as well as to EU nationals. It actually expands the rights of our European-resident members with regard to their data.

I still have no idea what GDPR really is. What is it? Why do we at DA care?

GDPR expands the existing definition of personal data and lays out new standards regarding the ownership, use, and protection of this data.

Personal data will be defined as anything that can identify an individual. This means a name, an email, an address, a phone number, credit card details, or a pseudonym, among other things. We collect personal information at DA to be able to contact our members and inform them about voting and other issues.

Under GDPR, EU residents, regardless of their nationality, own their personal data and can therefore control how it may be used.

One of the most significant changes for individuals is the right to be forgotten. When someone asks to be deleted from the database, their request must be granted within 30 days, and all information we hold in our system about them must be deleted. We do this anyway, but the membership administrators in each country committee should be aware of this and not permit any requests to accumulate.

We must now be even more alert and conscious of how we treat our member information. We ask that all leaders take it upon themselves to keep up with any guidance and changes to membership management procedures that are being distributed by ExCom and the IT Team, and NOT to take any unilateral actions with regard to our membership information.

I still have questions!!

And we have more answers!!! This Wiki page is not meant to be the definitive source for any and all GDPR information. We are putting together the answers to more questions that have been recently posed by our leaders and members, and we will post them as soon as we can!!! While we are doing that, below is a list of articles and websites for your perusal.

Please be aware that many sites have incorrect or misleading information about GDPR. Please check with the DA IT team and/or the DA Legal team if you have specific questions. You can also email Karen on the IT Team directly at karen@democratsabroad.org.